Tetrad Digital Integrity (TDI) is a 25 year old cybersecurity firm built for high-consequence environments where mission, complexity, and trust intersect. We are looking for an exceptional DoW Cloud ISSO to support RMF and security execution for a mission-critical cloud-hosted defense system. This is a high-visibility engagement with frequent change, heavy stakeholder involvement, and a system treated as a high-value target. This is not a template compliance role. We need a team player who is a mission-focused operator who can execute with urgency, drive progress through ambiguity, and deliver customer excellence under pressure while partnering tightly with the Cybersecurity Program Lead. RESPONSIBILITIES: + Own the RMF “engine room”: maintain day-to-day RMF execution across all phases (categorization, control selection, implementation, assessment, authorization, and continuous monitoring) for modern cloud-hosted systems. + Apply DoD cloud security policies, NIST SP 800-53 controls, CNSS policies, and DoD-specific frameworks such as the Cloud Computing SRG and applicable AI-related guidance. + Develop and maintain RMF artifacts including SSPs, SARs, POA&Ms, control implementation details, evidence mappings, and assessor-ready supporting documentation with strict traceability from control → implementation → evidence. + Execute POA&M management with discipline: validate substantiation, track owners/dates, drive remediation follow-through, and ensure closure evidence is real and audit-ready (no “paper POA&Ms”). + Support security change governance activities (CCB inputs, impact analyses, drift detection) and ensure artifacts/evidence stay aligned to reality after each approved change. + Conduct security engineering analysis for cloud-native and containerized workloads hosted in Google Cloud Platform (GCP), including baseline validation for Kubernetes/Docker environments and control-implementation verification. + Assist with threat modeling, vulnerability assessments, and risk analysis tailored to cloud environments and (as applicable) AI/ML and LLM components. + Partner with system architects, developers, DevSecOps, and platform teams to integrate security throughout the SDLC and translate requirements into actionable implementation steps and measurable evidence outputs. + Support SCAs and coordinate with third-party assessors by preparing artifacts, evidence packages, interview prep, and timely responses to RFIs including managing RFI intake, tracking, and closure. + Monitor, track, and report security compliance posture through Continuous Monitoring (ConMon) processes and recurring metrics/dashboards including vulnerability and configuration compliance trends, control health, and evidence freshness. + Optimize and automate compliance operations: develop repeatable workflows (scripts/automation; responsible AI-enabled methods where appropriate) to reduce manual evidence collection, improve quality, and shorten cycle time. QUALIFICATIONS: + Active Top-secret clearance. + Required security certification: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO. (More standard for IAM II / ISSO-type role) + Demonstrated experience supporting or leading DoD RMF for modern systems, including authorization package contributions and post-ATO sustainment activities. + Strong working knowledge of NIST 800-53 and practical RMF execution (inheritance strategy, evidence planning, assessor/AO engagement support, and risk tradeoffs). + Hands-on cloud security experience (AWS/Azure/GCP) including IAM, logging/monitoring, networking, encryption/KMS, and secure architecture patterns; GCP experience preferred. + Experience with STIG implementation/validation in production environments. + Strong writing and communication skills: able to produce assessor- and customer-ready deliverables with minimal oversight in a high-change environment. + Demonstrated adoption of automation (scripts, repeatable workflows, and responsible AI-enabled methods) to reduce manual compliance effort and improve quality. + Comfort operating in high-change environments with CCBs, shifting priorities, and competing stakeholder demands. + Cloud certification (e.g., CCSP or cloud provider security/professional certs such as Google’s Professional Cloud DevOps Engineer, Professional Cloud Security Engineer, or Professional Cloud Network Engineer). OVERALL MATCH: If you are looking for a template-driven RMF job, stable requirements, or work where someone else keeps the artifacts/evidence aligned to reality, this will not be a fit. If you can execute RMF with urgency, run disciplined POA&M and evidence management, keep pace with CCB-driven change, and deliver customer-ready outputs with minimal oversight, we want to meet you. TDI does business with the federal government, which restricts employment to individuals who are either US citizens or lawful permanent residents of the United States. “TDI is an Equal Opportunity Employer. Employment decisions are made based on individual qualifications, merit, and business needs. We do not discriminate in employment opportunities or practices based on race, color, religion, sex, or national origin, in accordance with applicable federal laws.” Powered by JazzHR